Sign up to our newsletter
The latest security news direct to your inbox
ESET is not going to try to capitalize on McAfee's unfortunate false positive problem (and nor, I'm sure, is any other reputable vendor). Such problems can arise for any AV vendor: it's an inevitable risk when you're trying to walk the line between the best possible detection of threats and avoidance of false detections (someone please remind me to finish my article on PERFECT.BAT..) Fortunately, most FPs don't have such public consequences, and McAfee deserve more credit than they've received for their prompt response and attempts at remediation. Again, I wouldn't expect less of a reputable vendor.
It didn't feel appropriate to discuss support issues for a competing product here (though someone did ask us recently for information on a Trend Micro issue!), but I have, wearing my AVIEN vendor-neutral hat, included pointers to the relevant links for people experiencing such problems in a blog here.
However, our labs in Bratislava and Latin America have advised us that they've seen SEO poisoning relating to the issue, and pointing to malicious sites that attempt to install fake antivirus (for which we have detection). I note that Graham Cluley of Sophos is also reporting malicious links on search terms like mcafee, wecorl, svchost.exe, false positive and so on, though I don't know if Sophos is seeing exactly the same malware.
Clearly, you should, as usual, be cautious about following links relating to topical issues.
David Harley CISSP FBCS CITP
Research Fellow & Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at:
Author David Harley, ESET